Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240221-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    07/06/2024, 16:41

General

  • Target

    6d35a5fce8e3337859df86f57384ad50_NeikiAnalytics.exe

  • Size

    41KB

  • MD5

    6d35a5fce8e3337859df86f57384ad50

  • SHA1

    ba634a548831727cbcdc46c30cdd4206c9e6bf5b

  • SHA256

    0a11ea9456f342b1b55fca169727aea002f0c2bf561da232081722fa2c693501

  • SHA512

    c2ae0f66d3f1913af63c5005d6a190609d102af5b265a6f536b6e0920bbfe055964f697832b1b475c882f0061d30d70ea4f6a21b13ed56a2369e3a0e93104fcd

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 26 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
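The "UPX packed file" signature above is worded "UPX/modified UPX" because operators routinely rename the UPX0/UPX1 section names and strip the "UPX!" header magic, so a name match alone misses them. The check below is an added example, not part of the sandbox report or of the sample; it parses the PE section table and reports three independent indicators: UPX section names, the "UPX!" marker, and the packer-generic layout of a first section that has no bytes on disk but a large virtual size (the unpacking stub's target). The three PE byte images are constructed here to exercise each path; the last heuristic also fires on other packers, so treat it as a triage hint, not a UPX verdict.

```python
import struct
from dataclasses import dataclass


@dataclass
class Section:
    name: str
    virtual_size: int
    raw_size: int


def pe_sections(data: bytes) -> list[Section]:
    """Return the section table of a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, table + i * 40)
        sections.append(Section(name.rstrip(b"\0").decode("latin-1"), vsize, rsize))
    return sections


def upx_indicators(data: bytes) -> list[str]:
    """Reasons to suspect UPX or a renamed/modified UPX build; empty list if none."""
    reasons = []
    sections = pe_sections(data)
    upx_names = [s.name for s in sections if s.name.upper().startswith("UPX")]
    if upx_names:
        reasons.append("UPX section names: " + ", ".join(upx_names))
    if b"UPX!" in data:
        reasons.append("'UPX!' packer header magic present")
    # Generic packer layout: first section is empty in the file but large in memory,
    # because the stub in a later section decompresses the real code into it.
    if sections and sections[0].raw_size == 0 and sections[0].virtual_size >= 0x1000:
        first = sections[0]
        reasons.append(f"first section {first.name!r} has no data on disk but "
                       f"{first.virtual_size:#x} bytes in memory (unpack target)")
    return reasons


def build_pe(sections: list[tuple[str, int, int]], trailer: bytes = b"") -> bytes:
    """Constructed minimal PE32 image: DOS stub, COFF header, zeroed optional header,
    then one 40-byte section header per (name, VirtualSize, SizeOfRawData)."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))           # e_lfanew -> PE signature
    opt_size = 0xE0                                       # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, opt_size, 0x0102)
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, 0x10B)            # PE32 magic
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii"), vsize, 0x1000, rsize,
                    0x400, 0, 0, 0, 0, 0x60000020)
        for name, vsize, rsize in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + table + trailer


# Constructed samples (not the bytes of the analysed file).
SAMPLE_UPX = build_pe([("UPX0", 0x10000, 0), ("UPX1", 0x8000, 0x7000)], trailer=b"UPX!")
SAMPLE_RENAMED = build_pe([(".text", 0x10000, 0), (".rsrc", 0x2000, 0x1000)])
SAMPLE_BENIGN = build_pe([(".text", 0x1000, 0x1000), (".data", 0x400, 0x200)])

if __name__ == "__main__":
    for label, image in (("upx", SAMPLE_UPX), ("renamed", SAMPLE_RENAMED), ("benign", SAMPLE_BENIGN)):
        print(label, upx_indicators(image) or "no packer indicators")
```

Run it against a real file with `upx_indicators(open(path, "rb").read())`; a hit on only the third indicator means "packed by something", which is still enough to justify dumping the process after it unpacks rather than analysing the file on disk.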

Processes

  • C:\Users\Admin\AppData\Local\Temp\6d35a5fce8e3337859df86f57384ad50_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6d35a5fce8e3337859df86f57384ad50_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2252

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          baa82e796c9761287e6ffa616b30091f

          SHA1

          cd9f05444ea6df92493fb54520c20e8618333bfa

          SHA256

          1312f6370b74c9c4df89430bab1f2b04156b19254bbbdeda34c4d31bb1162c38

          SHA512

          eef418919e74cf3fd9d7519d6ac97a3c5693ecad3b50d3880fa11ac41b6ecf93bf4c52aa1faba1d1bd0e35e73d8082dbacad39d143a7be62643a58fb5f9dd0d0

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          0bfee897167224e35d7b05bee4e585cd

          SHA1

          f630afb3634ed97d0ad4d9dbbd41f240ed1c5f74

          SHA256

          46eded54e04c97026c16ea6f8a7e622957687600b729a5daa647986e1aab6c87

          SHA512

          93c4bdc1149015bd5edc60e8ed7bfec5e5affe3dd189c1eabfe2869d2d6c910f5208323d215ca5370c565ac59de9772ce3a6a830673794974b9a6ff95b5337f2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          722b2cbd4c10e49b93a76938604b5a0f

          SHA1

          b64da119c6f1239832803c1dc8ca5e33ed7f4443

          SHA256

          f215e008ea5e410ec426108365528c6676ac1e9dc699ac3f7af37ea14f081b94

          SHA512

          bb00bd507867de0f191bdf948a50ced0f128004ad48b4980de372e2423fcd966c9fe5095951a973fea5dad69a90a09994f5054486e0712c301ecf3fe64e6c27c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          8f6f23c0c444b13d78ea83f161902c37

          SHA1

          b63831109bcb5e329627a6c31f03103bd538c794

          SHA256

          e0b5f5fa7387a955539ceaa594fed72245df2ff320d64a68070ff10c23babba8

          SHA512

          6656245bd41fc41ea650cdd4f98bf00cb0ee28612d25dce9b102a250bf69440d68e68499656bc794f0e8a71efed4a5a82e3abb6d51152915ebec9c2616034352

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          14ac5784814f3b4daaae9bae04014308

          SHA1

          d3d6dc4df3bc996b6b706bb44f93b2fa7f380ff1

          SHA256

          5f48c77f9d60d7ae72cecb3f7fc2584b4227c0652f23d84c06924c448da0bb1e

          SHA512

          c38ab7cf619b8ab9223a3ef4892c1ac360ea095f1c6bd8102d5a3e8eba0b791caf9067fbac3df79986fc07cf1f3eadcaf34a251162fe61859f4d0cbbd267911a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          cb92bbc272e1324c676f48f8a5154f8f

          SHA1

          791151ad80e2d304930daaa000c1c8809493a264

          SHA256

          4fce11a46f6e9396cbbcce39106c0654fc6db818fe997e5c394a405383cf0a49

          SHA512

          9a43cea94701e8de178e24f034693af78a56fd6e1a529903a43c18e3acd1139dd4a2f18ff3801624d60b4a864bfe63df7f3ce5e4b22cad2aaf8e40da6bf8c520

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6b2921b6a99ccfcb8cc028009b85fa83

          SHA1

          e233497abdfe51483eb9e51e24655c54225562d8

          SHA256

          27aecb5786b9bdfdea35a6f4530918ecdea1c1804d951fc7c849536aa62ae104

          SHA512

          ee1e47e0e164670cb0258e9bbd5d1143d2f75205e07f0de45fc5a0ca97194a70057c6993fcb49c4d09031e7d5a2d646b0c8efe113284d397725581f36bf03993

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e16d5c244c10ec574b92dad7502e1716

          SHA1

          4dfca64e38418774d026d8b33841ef170eea21e2

          SHA256

          eea5de6d25e31780ff502621fb1cc35fd742abba70d53f54bf8127b160207c48

          SHA512

          32772e51180aec22fc87ed38c07c9a04177f6ac57d48c956866dafddd9ef29fcf237003ccb0b90a39ede473c89cd109aac575ac9fcb3e087b1711887b29aca8c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b18bb8a690921a83486220be55c0da6e

          SHA1

          0087e5223ff19239dd3a7f132cd2661b4146b55b

          SHA256

          a0e9ccff9f122cfc290bb874a3e8ad385bec7463a0755a534b0c1cbc8c4b4f58

          SHA512

          e5faebee5ea5381133e83dfb300f5b37638d41217d706e880fc77b2c82b0e6840e97f9308f4033b9052f1b2a480ab9255eaa6e7436b02acc720d0e3cf62840bf

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          90bc35a5e363b06bce9798ff4366c9b2

          SHA1

          af9dd443c55f9dbd01e69321cf5a29980bb706ce

          SHA256

          d08f2fbd9f1dbe7c90382ff2f2217bd781da52ecc3c767e65211a8db206d9389

          SHA512

          3402f020f09c580d0def31ed39d34be80a90cbf89ed07390bffeffce3e50cc2fe8333a7134f1834ec1140452cc3d631d6fb984a18a06f3346cb3554a55430472

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          14e15387d93871ae0eff938a2fcb66cb

          SHA1

          35076e64f34a8f5804828436a97cfb95307a74c9

          SHA256

          6d7bb653c80c3c72f0cae1e437974c521d6e6ea263cd3ad9986bccf8869fea92

          SHA512

          3bbe1cf26e0c5e49d38850d67fe78f36e40c64564262a096beceb3d45104e6b6797c69ae12201a85a667f0ee561b76a293ff6de7b3519fe25a78fa1db92676c0

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          95eae7f3844bd833ce0fc6d52de4241a

          SHA1

          44516c7800bc3de2fc1c278c015ff7a7cf984d29

          SHA256

          b07a158d9a8d7d981b8cd607e1de00703b82d5ae64fb577b6c63c34e49d21da4

          SHA512

          87a92ea192cd4b0d107fbb4221294659565c86cb1c474a0c20a3e78e9388858ec8edcbcdac570b32ad45583405c3148a918e2feefc229d3856fa844cad3e5beb

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\search[3].htm

          Filesize

          25B

          MD5

          8ba61a16b71609a08bfa35bc213fce49

          SHA1

          8374dddcc6b2ede14b0ea00a5870a11b57ced33f

          SHA256

          6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

          SHA512

          5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\default[7].htm

          Filesize

          308B

          MD5

          ccfe63b884fe4225fa33f618a54ce37a

          SHA1

          bbb0778c1597eafe7fb9c5c65412f8ab04b2e311

          SHA256

          f7dd5bab49466a4cdb6a7f5a0e07a158f7a1567bd809ed745812469775b33112

          SHA512

          858f345503c89ba075b374764145fba5b1a9d3440d1628edeab0a3e02cc7cbfbe1119c20747026e69d630ed262d3c91c5073ef06823cf727dfcb11605c7c5ff8

        • C:\Users\Admin\AppData\Local\Temp\Cab2B9D.tmp

          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

        • C:\Users\Admin\AppData\Local\Temp\Cab2C79.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\Tar2C9D.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • C:\Users\Admin\AppData\Local\Temp\tmp2CEC.tmp

          Filesize

          41KB

          MD5

          c388866629a364547abfae725d78f33e

          SHA1

          d5f6b4def42f34b63619e0740c0b64c920b8889c

          SHA256

          6f697f94753fc1736145b072f0c5b5a41133a8376c76685aa230d366bf603b36

          SHA512

          f2aa76e23a34baf9f23142fac422387dbdf99c89627ac0e0b8705155997d412532068968eb5169e034c2bc39b3f135659c46cad5c9b1dbcb1853afdebe557327

        • C:\Users\Admin\AppData\Local\Temp\zincite.log

          Filesize

          160B

          MD5

          5f1408d57011fa276c31081ebad3744a

          SHA1

          aa18ac6f4b9d613321eb2485bc152fd680626f4b

          SHA256

          ec4544d7bae138a6eff1f399ee42bbea25bd524810bbef0ae94cdc453662d555

          SHA512

          48afa991f97236a36b42287011481f04e2174cf895a32ffc38872f9ec48813f546bb1e6cf8941b12c4e08068814b0b895c8a1cc63c2c6d6c08e7952beab19d33

        • C:\Users\Admin\AppData\Local\Temp\zincite.log

          Filesize

          160B

          MD5

          4fbf19391bacdaf36ccaf545674835fe

          SHA1

          5085370e5f957bf01e51368b2909b8f6edf36b00

          SHA256

          c1a17a2229e86be4889c832d4efd841f04f66f0511a3a5142aeb3cdbaf3a4479

          SHA512

          fd5d4b5bf89040ebd83f59c1dde21c5ecc312fae5041fb5bd84216efadab0a7d55bd338e4c6a65e7e67dedf00807fd7d1736fea8af75bfe6ed999fa94560aece

        • C:\Windows\services.exe

          Filesize

          8KB

          MD5

          b0fe74719b1b647e2056641931907f4a

          SHA1

          e858c206d2d1542a79936cb00d85da853bfc95e2

          SHA256

          bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

          SHA512

          9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

        • memory/2220-38-0x0000000000500000-0x0000000000510200-memory.dmp

          Filesize

          64KB

        • memory/2220-57-0x0000000000500000-0x0000000000510200-memory.dmp

          Filesize

          64KB

        • memory/2220-4-0x0000000000220000-0x0000000000228000-memory.dmp

          Filesize

          32KB

        • memory/2220-80-0x0000000000500000-0x0000000000510200-memory.dmp

          Filesize

          64KB

        • memory/2220-15-0x0000000000500000-0x0000000000510200-memory.dmp

          Filesize

          64KB

        • memory/2220-750-0x0000000000500000-0x0000000000510200-memory.dmp

          Filesize

          64KB

        • memory/2220-73-0x0000000000500000-0x0000000000510200-memory.dmp

          Filesize

          64KB

        • memory/2220-22-0x0000000000220000-0x0000000000228000-memory.dmp

          Filesize

          32KB

        • memory/2220-0-0x0000000000500000-0x0000000000510200-memory.dmp

          Filesize

          64KB

        • memory/2220-66-0x0000000000500000-0x0000000000510200-memory.dmp

          Filesize

          64KB

        • memory/2220-78-0x0000000000500000-0x0000000000510200-memory.dmp

          Filesize

          64KB

        • memory/2252-39-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2252-69-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2252-62-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2252-67-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2252-34-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2252-29-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2252-27-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2252-58-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2252-751-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2252-74-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2252-21-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2252-16-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2252-81-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2252-79-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB
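Two points a responder should take from the list above before sweeping other hosts. First, the twelve CryptnetUrlCache\MetaData entries with the same name are CryptoAPI's URL cache (written by cryptnet.dll whenever Windows fetches a CRL or AIA certificate), so they account for the "Modifies system certificate store" signature but are weak indicators that Windows itself produces; key the sweep on the dropped C:\Windows\services.exe (the legitimate services.exe lives in System32) and on %TEMP%\zincite.log instead. Second, a hash match only finds this exact build, so the sweep should also flag a system-binary name in the wrong directory. The script below is an added example, not the report's or the sample's code: it walks a directory tree hashing each file once, matches against the services.exe hashes copied from the report, flags the report's file name, and flags well-known service binaries found outside System32/SysWOW64/WinSxS. The directory tree, the stand-in content and the stand-in hash are constructed so it runs offline; the report hashes will not match the stand-in, since the sample's bytes are not on the page.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Hashes of the dropped C:\Windows\services.exe exactly as listed in the report above.
REPORT_HASHES = {
    "b0fe74719b1b647e2056641931907f4a",                                  # MD5
    "e858c206d2d1542a79936cb00d85da853bfc95e2",                          # SHA1
    "bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c",  # SHA256
}
# File names from the report worth flagging wherever they appear.
REPORT_NAMES = {"zincite.log"}
# Binaries that legitimately live only under these directories; a same-named copy
# elsewhere (here C:\Windows\services.exe) is masquerading.
SYSTEM_BINARIES = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
TRUSTED_DIRS = {"system32", "syswow64", "winsxs"}


def file_hashes(path: Path) -> set[str]:
    """MD5, SHA1 and SHA256 of a file, read once in chunks."""
    digests = [hashlib.md5(), hashlib.sha1(), hashlib.sha256()]
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            for d in digests:
                d.update(chunk)
    return {d.hexdigest() for d in digests}


def sweep(root: Path, hashes: set[str]) -> list[tuple[str, list[str]]]:
    """Walk root and return (path, reasons) for every file that matches an indicator."""
    hits = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        reasons = []
        matched = file_hashes(path) & hashes
        if matched:
            reasons.append("hash match: " + ", ".join(sorted(matched)))
        if path.name.lower() in REPORT_NAMES:
            reasons.append("file name listed in the report")
        parts = {p.lower() for p in path.parts}
        if path.name.lower() in SYSTEM_BINARIES and not parts & TRUSTED_DIRS:
            reasons.append(f"{path.name} outside System32/SysWOW64/WinSxS (masquerade)")
        if reasons:
            hits.append((str(path), reasons))
    return hits


# Constructed stand-in for the dropped binary. Its SHA256 is added to the indicator set
# so the hash path of the sweep is exercised offline; the real file's bytes are unknown.
DROPPED_STANDIN = b"constructed stand-in for C:\\Windows\\services.exe"
DEMO_HASHES = REPORT_HASHES | {hashlib.sha256(DROPPED_STANDIN).hexdigest()}


def build_demo_tree() -> Path:
    """Constructed directory layout mimicking the infected sandbox host."""
    root = Path(tempfile.mkdtemp(prefix="ioc_sweep_"))
    sys32 = root / "Windows" / "System32"
    temp = root / "Users" / "Admin" / "AppData" / "Local" / "Temp"
    sys32.mkdir(parents=True)
    temp.mkdir(parents=True)
    (sys32 / "services.exe").write_bytes(b"placeholder for the legitimate binary")
    (root / "Windows" / "services.exe").write_bytes(DROPPED_STANDIN)
    (temp / "zincite.log").write_bytes(b"constructed stand-in for the 160-byte log")
    (temp / "notes.txt").write_bytes(b"unrelated file, must not be flagged")
    return root


def run_demo() -> list[tuple[str, list[str]]]:
    """Build the constructed tree, sweep it, clean up, return the hits."""
    root = build_demo_tree()
    try:
        return sweep(root, DEMO_HASHES)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for hit_path, hit_reasons in run_demo():
        print(hit_path)
        for reason in hit_reasons:
            print("   ", reason)
```

On a live host run `sweep(Path("C:/"), REPORT_HASHES)` and review the Run key values from the report's "Adds Run key" signature alongside the output: a Run entry whose image is the flagged C:\Windows\services.exe is the persistence to remove. The legitimate System32 copy is deliberately left unflagged, so an empty hash set still yields the masquerade and file-name hits.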